Learn the top quick steps, then deepen your knowledge and learn more strategies with key IU resources from Protect IU and the IU Knowledge Base.
Plus, find high-quality training resources available at IU.
If you can't verify the sender, do not click at all.
How: If the email refers to a known website, type that website address into a new browser window instead and check for information there.
Suspect it's a phish? Send the alert.
How: Contact your campus UITS Support Center for help on how to report it.
Description of the video:
[ Music ]
>> Hold on there. Think before you click. One good way to recognize a phish or a malicious email is to verify the sender. Double-click on the sender's name to see the real email address. If using Gmail, move your mouse over the text, but don't click. If using a mobile device, tap instead. If the revealed email address isn't what you expected for that sender, beware, it could be a phish. This email is definitely a phish. So ask yourself: did you expect an email from this person or group? Is the sender's actual email address legitimate, including the full domain after the @ sign? If you can't verify the sender, do not click any links or take any requested action. Instead, look carefully at the email. If it appears suspicious, report it. There are even more ways to recognize a wolf in sheep's clothing, but checking the sender's real address is a good step. Find more tips to recognize, rethink, and report on phishing.iu.edu.
[ Sheep bleating ]
Double-click or tap the sender's name to view the real email address. (In Gmail, hover over the sender's name, which means to move your mouse over the text but don't click.)
Make sure it matches the expected email address and has a legitimate domain after the @ symbol in the email address. (For example, "@iu.edu" has a legitimate IU domain, but "@indiana.me" does not have a legitimate IU email domain.)
Look for the indication of a digital signature on the email, if you know the sender uses one. Not all IU members are required to use digital signatures, although it is a recommended best practice for those who are able.
Official IU emails now use the secure IU Trusted Footer. This shows who the message is from and who it is intended for in the text at the bottom of the email.
By recognizing quickly which emails are from non-IU senders, you can better spot potential phishing attempts. You can now turn on external email flagging with the new IU Security Center.
Think carefully about whether the named email source should make this type of request.
Get tips from Protect IU on spotting potential concerns.
Note: As of July 24, 2019, all IU email accounts will have external flagging turned on by default. Visit the Security Center for more information. Plus, view the latest Think Before You Click video about external email flagging.
Before clicking, make sure you trust the destination of the URL. Some links can trick viewers by having a safe URL as the viewable text, but the actual destination URL is a scam site. Remember the phrase "hover to discover." Here's how:
Practice with this link. Hovering should reveal the URL "https://www.iu.edu/" in small text at the bottom left of this web browser window.
When you hover in your email, often the full URL will appear in small text right next to the link.
Before you click, always be sure you trust the full URL.
Description of the video:
[ Music ]
The best solution is to go directly to a known website address rather than clicking links in an email. Instead of clicking links in notification emails, go to the trusted website address and check for notices there.
Learn more about making sure a website is genuine.
Think critically about the way the email is worded and what the request is. Anything urgently requesting action regarding financial transactions or providing sensitive information should be a red flag to investigate carefully.
Get more tips from the Protect IU site on how to analyze messages.
Viewing emails in plain text can reveal details that scammers try to hide, including full URLs for all links.
You can use the built-in reporting features in Outlook to report suspicious email to the IT Security Office.
Report a phishing message in Outlook
If you can't verify the sender, don't click the attachment. Attachments are a key way that malware and harmful files are sent in phishing attacks.
Description of the video:
[ Music ]
If you don't have other means to report quickly, contact your IT Pro or the UITS Support Center.
UITS Support Center contact information
Using any major email provider, you can forward the message to phishing@iu.edu with full headers to report a suspected phishing email.
Learn how to forward with full headers
(Instructions for each email client are provided.)
The Protect IU website provides great resources for personal preparedness in online safety.
To guard against phishing scams, consider the following:
Read your email as plain text.
Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.
On an iOS device, tap and hold your finger over a link to display the URL. Unfortunately, Android does not currently support this.
When you recognize a phishing message, first report it as noted below, then delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the websites it points to.
To learn more about guarding against phishing scams, see:
Request a "Think before you click" instructor-led workshop with IT Training.